"Nevertheless, you could argue that having a single potentially insecure point of authentication is better than having a thousand potentially insecure points of authentication."

I'm sorry, what!? How can you possibly think that having a single point of failure for numerous sites is better than having multiple points of failure for single sites? If someone managed to get hold of my user name and password for a particular website, I would feel a lot easy about it being restricted to a single site rather than potentially every site I log in to!

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/290/29887#29887